Preventive, Detective, Corrective - ANSWER-Internal Controls
-Internal environment
-Objective setting
-Event identification
-Risk assessment
-Risk response
-Control activities
-Information and communication
-Monitoring - ANSWER-COSO-ERM
Threat or Event - ANSWER-Any potential adverse occurrence or unwanted event that could be
injurious to either the AIS or the organization
Exposure or Impact - ANSWER-The potential dollar loss should a particular threat become a
reality
Likelihood - ANSWER-The probability that the threat will happen
Preventive Controls - ANSWER-Deter problems from occurring
Uses segregation of duties with cash handling
Detective Controls - ANSWER-Discover problems that are not prevented
-Log Analysis
-Intrusion Detection Systems
-Penetration Testing
-Continuous Monitoring
Corrective Controls - ANSWER--Identify and correct problems
-Recover from those problems
+Computer Incident Response Team
+Chief Information Security Officer
+Patch Management
-Data Matching
-File Labels
-Recalculation of batch totals
-Cross-footing
-Zero-balance tests
-Write-protection mechanisms
-Concurrent update controls - ANSWER-Processing controls for computer processing
Limit Check - ANSWER-Tests numerical amount against a fixed value
Forms Design - ANSWER-Source documents and other forms should be designed to minimize
the chances for errors and omissions
Inherent Risk - ANSWER-Susceptibility to significant control problems in the absence of internal
controls
Write-Protection Mechanisms - ANSWER-Protect against overwriting or erasing of data files
stored on magnetic media
Compatibility Test - ANSWER-Test that matches the user's authentication credentials against the
access control matrix to determine whether they should be allowed
Data Matching - ANSWER-Two or more items of data must be matched before an action can
take place
Closed-Loop Verification - ANSWER-Input validation method that uses data entered into the
system to retrieve and display other related information so that the data entry person can verify
the accuracy of the input data
Objectives of a Disaster Recovery Plan - ANSWER--Resume normal operations as soon as
possible
-Train employees for emergency operations
-Minimize the extent of the disruption, damage, or loss
Sequence Check - ANSWER-Determines if a batch of input data is in the proper numerical or
alphabetical order
-Field Check